#!/bin/bash

# 创建自签名证书用于测试
# 注意：这些证书仅用于开发测试，不应用于生产环境

echo "Creating test certificates for WSS testing..."

# 创建测试证书目录
mkdir -p test-certs

# 生成私钥
openssl genrsa -out test-certs/server-key.pem 2048

# 生成证书签名请求
openssl req -new -key test-certs/server-key.pem -out test-certs/server-csr.pem -subj "/C=US/ST=Test/L=Test/O=Test/CN=localhost"

# 生成自签名证书
openssl x509 -req -in test-certs/server-csr.pem -signkey test-certs/server-key.pem -out test-certs/server-cert.pem -days 365

# 生成CA证书（用于客户端验证）
openssl req -new -x509 -key test-certs/server-key.pem -out test-certs/ca-cert.pem -days 365 -subj "/C=US/ST=Test/L=Test/O=TestCA/CN=TestCA"

echo "Test certificates created in test-certs/ directory:"
echo "- server-key.pem: Private key"
echo "- server-cert.pem: Server certificate"
echo "- ca-cert.pem: CA certificate (use this in the extension)"

echo ""
echo "To test WSS, you can use the ca-cert.pem file in the extension."
echo "Remember: These are test certificates only!"
